feature: added patches to the nginx core to make sure ngx_stream_ssl_preread_module will not skip the rest of the preread phase when SNI server name parsing was successful.
Signed-off-by: Yichun Zhang (agentzh) <agentzh@gmail.com>
This commit is contained in:
parent
30fa60ad5d
commit
93f785eed6
|
@ -0,0 +1,13 @@
|
|||
diff --git a/src/stream/ngx_stream_ssl_preread_module.c b/src/stream/ngx_stream_ssl_preread_module.c
|
||||
index e3d11fd9..3717b5fe 100644
|
||||
--- a/src/stream/ngx_stream_ssl_preread_module.c
|
||||
+++ b/src/stream/ngx_stream_ssl_preread_module.c
|
||||
@@ -159,7 +159,7 @@ ngx_stream_ssl_preread_handler(ngx_stream_session_t *s)
|
||||
|
||||
rc = ngx_stream_ssl_preread_parse_record(ctx, p, p + len);
|
||||
if (rc != NGX_AGAIN) {
|
||||
- return rc;
|
||||
+ return rc == NGX_OK ? NGX_DECLINED : rc;
|
||||
}
|
||||
|
||||
p += len;
|
|
@ -0,0 +1,13 @@
|
|||
diff --git a/src/stream/ngx_stream_ssl_preread_module.c b/src/stream/ngx_stream_ssl_preread_module.c
|
||||
index e3d11fd9..3717b5fe 100644
|
||||
--- a/src/stream/ngx_stream_ssl_preread_module.c
|
||||
+++ b/src/stream/ngx_stream_ssl_preread_module.c
|
||||
@@ -159,7 +159,7 @@ ngx_stream_ssl_preread_handler(ngx_stream_session_t *s)
|
||||
|
||||
rc = ngx_stream_ssl_preread_parse_record(ctx, p, p + len);
|
||||
if (rc != NGX_AGAIN) {
|
||||
- return rc;
|
||||
+ return rc == NGX_OK ? NGX_DECLINED : rc;
|
||||
}
|
||||
|
||||
p += len;
|
|
@ -56,6 +56,13 @@ if [ "$answer" = "Y" ]; then
|
|||
echo
|
||||
fi
|
||||
|
||||
answer=`$root/util/ver-ge "$main_ver" 1.13.6`
|
||||
if [ "$answer" = "Y" ]; then
|
||||
echo "$info_txt applying the stream_ssl_preread_no_skip patch for nginx"
|
||||
patch -p1 < $root/patches/nginx-$main_ver-stream_ssl_preread_no_skip.patch || exit 1
|
||||
echo
|
||||
fi
|
||||
|
||||
answer=`$root/util/ver-ge "$main_ver" 1.5.12`
|
||||
if [ "$answer" = "N" ]; then
|
||||
echo "$info_txt applying the patch for nginx security advisory (CVE-2014-0133)"
|
||||
|
|
Loading…
Reference in New Issue